diff for duplicates of <1501077470.28419.8.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index c255e5f..3cbc193 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -12,18 +12,13 @@ On Tue, 2017-07-25 at 22:00 -0500, Serge E. Hallyn wrote: > > the namespace with different keys and keyrings. > > Ok, so Stefan's code to support userspace in a container reading -> security.ima and getting back the value for security.ima at uid=1000 +> security.ima and getting back the value for security.ima(a)uid=1000 > (if 1000 is the kuid of the container's root user) is in fact > useful to IMA? -Definitely! ?Root within the namespace needs to be able to read and +Definitely! Root within the namespace needs to be able to read and write security.ima in order to (re)sign files, with a specific key -known to that container. ?Stefan's code provides different views of +known to that container. Stefan's code provides different views of the security xattrs. Mimi - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 4d8b105..78c51f2 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,19 +1,9 @@ - "ref\0847ccb2a-30c0-a94c-df6f-091c8901eaa0@linux.vnet.ibm.com\0" - "ref\087bmoo8bxb.fsf@xmission.com\0" - "ref\09a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com\0" - "ref\087h8yf7szd.fsf@xmission.com\0" - "ref\065dbe654-0d99-03fa-c838-5a726b462826@linux.vnet.ibm.com\0" - "ref\020170714133437.GA16737@mail.hallyn.com\0" - "ref\0596f808b-e21d-8296-5fef-23c1ce7ab778@linux.vnet.ibm.com\0" - "ref\020170714173556.GA19669@mail.hallyn.com\0" - "ref\0xagsmtp2.20170714182525.6604@vmsdvm4.vnet.ibm.com\0" - "ref\01500060374.3583.57.camel@linux.vnet.ibm.com\0" "ref\020170726030007.GA10087@mail.hallyn.com\0" - "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Wed, 26 Jul 2017 09:57:50 -0400\0" - "To\0linux-security-module@vger.kernel.org\0" - "\00:1\0" + "To\0lkp@lists.01.org\0" + "\01:1\0" "b\0" "On Tue, 2017-07-25 at 22:00 -0500, Serge E. Hallyn wrote:\n" "> On Fri, Jul 14, 2017 at 03:26:14PM -0400, Mimi Zohar wrote:\n" 
@@ -29,20 +19,15 @@ "> > the namespace with different keys and keyrings.\n" "> \n" "> Ok, so Stefan's code to support userspace in a container reading\n" - "> security.ima and getting back the value for security.ima at uid=1000\n" + "> security.ima and getting back the value for security.ima(a)uid=1000\n" "> (if 1000 is the kuid of the container's root user) is in fact\n" "> useful to IMA?\n" "\n" - "Definitely! ?Root within the namespace needs to be able to read and\n" + "Definitely! \302\240Root within the namespace needs to be able to read and\n" "write security.ima in order to (re)sign files, with a specific key\n" - "known to that container. ?Stefan's code provides different views of\n" + "known to that container. \302\240Stefan's code provides different views of\n" "the security xattrs.\n" "\n" - "Mimi\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Mimi -0c9dabdd94894ee520d892d3cfcb6477e8a5b773225aee7e91cd18c501ea1b62 +e93df2923324b955e3dfff3cc3b9addc512a001d9bd4deef7f78d4dcfebb9a0a
diff --git a/a/1.txt b/N2/1.txt index c255e5f..de882ba 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -12,18 +12,13 @@ On Tue, 2017-07-25 at 22:00 -0500, Serge E. Hallyn wrote: > > the namespace with different keys and keyrings. > > Ok, so Stefan's code to support userspace in a container reading -> security.ima and getting back the value for security.ima at uid=1000 +> security.ima and getting back the value for security.ima@uid=1000 > (if 1000 is the kuid of the container's root user) is in fact > useful to IMA? -Definitely! ?Root within the namespace needs to be able to read and +Definitely! Root within the namespace needs to be able to read and write security.ima in order to (re)sign files, with a specific key -known to that container. ?Stefan's code provides different views of +known to that container. Stefan's code provides different views of the security xattrs. Mimi - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N2/content_digest index 4d8b105..3e24b58 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -9,10 +9,24 @@ "ref\0xagsmtp2.20170714182525.6604@vmsdvm4.vnet.ibm.com\0" "ref\01500060374.3583.57.camel@linux.vnet.ibm.com\0" "ref\020170726030007.GA10087@mail.hallyn.com\0" - "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" - "Subject\0[PATCH v2] xattr: Enable security.capability in user namespaces\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Subject\0Re: [PATCH v2] xattr: Enable security.capability in user namespaces\0" "Date\0Wed, 26 Jul 2017 09:57:50 -0400\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Serge E. Hallyn <serge@hallyn.com>\0" + "Cc\0Eric W. Biederman <ebiederm@xmission.com>" + Stefan Berger <stefanb@linux.vnet.ibm.com> + Mimi Zohar <zohar@us.ibm.com> + Theodore Ts'o <tytso@mit.edu> + containers@lists.linux-foundation.org + lkp@01.org + linux-kernel@vger.kernel.org + tycho@docker.com + James.Bottomley@hansenpartnership.com + vgoyal@redhat.com + christian.brauner@mailbox.org + amir73il@gmail.com + linux-security-module@vger.kernel.org + " casey@schaufler-ca.com\0" "\00:1\0" "b\0" "On Tue, 2017-07-25 at 22:00 -0500, Serge E. Hallyn wrote:\n" 
@@ -29,20 +43,15 @@ "> > the namespace with different keys and keyrings.\n" "> \n" "> Ok, so Stefan's code to support userspace in a container reading\n" - "> security.ima and getting back the value for security.ima at uid=1000\n" + "> security.ima and getting back the value for security.ima@uid=1000\n" "> (if 1000 is the kuid of the container's root user) is in fact\n" "> useful to IMA?\n" "\n" - "Definitely! ?Root within the namespace needs to be able to read and\n" + "Definitely! \302\240Root within the namespace needs to be able to read and\n" "write security.ima in order to (re)sign files, with a specific key\n" - "known to that container. ?Stefan's code provides different views of\n" + "known to that container. \302\240Stefan's code provides different views of\n" "the security xattrs.\n" "\n" - "Mimi\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Mimi -0c9dabdd94894ee520d892d3cfcb6477e8a5b773225aee7e91cd18c501ea1b62 +7ce4b1a7b51885530655dc7f57c8895a77e10e1754627b4d0f7885f52d20fd3d
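Review bot: in the 1.txt hunks the quoted xattr name reads differently in each copy: "security.ima at uid=1000" in a/, "security.ima(a)uid=1000" in N1 and "security.ima@uid=1000" in N2. The a/ footer shows the same " at " substitution in "majordomo at vger.kernel.org", so the a/ and N1 spellings look like archive address obfuscation applied to the xattr name rather than a change of wording. Quote the name from the N2 copy.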
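Review bot: the N1 content_digest hunk removes ten of the eleven "ref" entries, leaving only 20170726030007.GA10087@mail.hallyn.com, and changes To from linux-security-module@vger.kernel.org to lkp@lists.01.org. The N2 hunk starts at line 9 and leaves the earlier ref entries untouched, so anything that threads this reply on its reference chain should use the a/ or N2 copy, not N1.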